Get Results From a File Search and Export
Endpoint URL: https://<your server>/rest/sensors/action/fileSearch/csv/:batchID
Endpoint URI: sensors/action/fileSearch/csv/:batchID
Action: GET
Returns the results for a specified file search batch and exports them as a CSV list.
This request is supported from versions 19.0 and higher.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: You must provide the batch ID for the search as part of the URL.
Request Body Parameters: None
Response Status Code
This request can return the following status codes:
200: Success OK
404: Content not found. The batch ID you entered in the URL is not correct or up to date.
Response Success Schema
The response contains a CSV file with the following fields:
Field | Type | Description |
---|---|---|
File Name | String | The file name for the file search operation. |
Machine Name | String | The machine or machine names specified in the file search operation. |
File Path | String | The complete path to the file in the search. |
File Size | Integer | The number of bytes for the file. |
Created At | Integer | The time (in epoch) when the file was created. |
Last Modified | Integer | The time (in epoch) when the file was last modified. |
Matched YARA rules | String | Names of YARA rules that had a match on this file. |
Response Failure Schema
A 404 error code with a message indicating Content not found is reported.
Important Response Fields
The CSV list contains only relevant information, so all fields in the list are important to understand your results.
Example: View previous search results and export
Request
curl --request GET \
--url https://12.34.56.78/rest/sensors/action/fileSearch/csv/-1312043715 \
--header 'Content-Type:application/json'
Response
File Name,Machine Name,File Path,File Size,Created At,Last Modified,Matched YARA Rules
file.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,11021,"Sunday, October 28, 2018 7:59:50 AM UTC","Sunday, October 28, 2018 7:59:55 AM UTC",interesting_strings_1;other_rule
malicious.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,211603202,"Monday, October 29, 2018 2:46:26 PM UTC","Wednesday, October 31, 2018 11:22:52 AM UTC",interesting_strings_1;other_rule
Download request Python script
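import requests

# The batch ID of the file search is the last segment of the URL.
url = "https://12.34.56.78/rest/sensors/action/fileSearch/csv/-1312043715"
headers = {'Content-Type': 'application/json'}
# The session must already hold the login cookie (see Log in with the API).
session = requests.session()
response = session.request("GET", url, headers=headers)
print(response.text)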
Response
File Name,Machine Name,File Path,File Size,Created At,Last Modified,Matched YARA Rules
file.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,11021,"Sunday, October 28, 2018 7:59:50 AM UTC","Sunday, October 28, 2018 7:59:55 AM UTC",interesting_strings_1;other_rule
malicious.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,211603202,"Monday, October 29, 2018 2:46:26 PM UTC","Wednesday, October 31, 2018 11:22:52 AM UTC",interesting_strings_1;other_rule
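The following is an added example, not part of the Cybereason documentation: it parses the CSV export into typed records and groups the matched files by YARA rule for triage. The function names are hypothetical, the sample data is the response shown above, and the timestamp parser accepts both the epoch integer named in the schema and the text form that appears in the sample response (treating epoch values above 10^11 as milliseconds is an assumption).

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Sample export, copied from the response shown on this page.
SAMPLE_CSV = r'''File Name,Machine Name,File Path,File Size,Created At,Last Modified,Matched YARA Rules
file.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,11021,"Sunday, October 28, 2018 7:59:50 AM UTC","Sunday, October 28, 2018 7:59:55 AM UTC",interesting_strings_1;other_rule
malicious.txt,demo-win7-64,C:\Users\admin\Desktop\Malwares,211603202,"Monday, October 29, 2018 2:46:26 PM UTC","Wednesday, October 31, 2018 11:22:52 AM UTC",interesting_strings_1;other_rule
'''

def parse_time(value):
    """Accept the epoch integer from the schema or the text form in the sample."""
    value = value.strip()
    if value.lstrip("-").isdigit():
        n = int(value)
        # Assumption: values above 10**11 are milliseconds, otherwise seconds.
        return datetime.fromtimestamp(n / 1000 if abs(n) > 10**11 else n, tz=timezone.utc)
    parsed = datetime.strptime(value, "%A, %B %d, %Y %I:%M:%S %p UTC")
    return parsed.replace(tzinfo=timezone.utc)

def parse_export(text):
    """Turn the CSV export into typed dicts, one per matched file."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        # Header case differs between schema and sample ("rules" vs "Rules").
        rec = {k.strip().lower(): v for k, v in raw.items() if k}
        rows.append({
            "file": rec["file name"],
            "machine": rec["machine name"],
            "path": rec["file path"],
            "size": int(rec["file size"]),
            "created": parse_time(rec["created at"]),
            "modified": parse_time(rec["last modified"]),
            "rules": [r for r in rec["matched yara rules"].split(";") if r],
        })
    return rows

def hits_by_rule(rows):
    """Map each YARA rule name to the (machine, path, file) tuples it matched."""
    hits = defaultdict(list)
    for row in rows:
        for rule in row["rules"]:
            hits[rule].append((row["machine"], row["path"], row["file"]))
    return dict(hits)

if __name__ == "__main__":
    for rule, files in hits_by_rule(parse_export(SAMPLE_CSV)).items():
        print(rule, files)
```

To use it on a live export, pass `response.text` from the request script above to `parse_export`.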